1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
PublicDateAtUSN: 2017-08-10
Candidate: CVE-2017-7547
PublicDate: 2017-08-16
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7547
https://www.postgresql.org/about/news/1772/
http://www.ubuntu.com/usn/usn-3390-1
Description:
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are
vulnerable to authorization flaw allowing remote authenticated attackers to
retrieve passwords from the user mappings defined by the foreign server
owners without actually having the privileges to do so.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Jeff Janes
Assigned-to:
Patches_postgresql-9.1:
upstream_postgresql-9.1: needs-triage
precise/esm_postgresql-9.1: needs-triage
trusty_postgresql-9.1: needs-triage
vivid/ubuntu-core_postgresql-9.1: DNE
xenial_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
devel_postgresql-9.1: DNE
Patches_postgresql-9.3:
upstream_postgresql-9.3: released (9.3.18)
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: released (9.3.18-0ubuntu0.14.04.1)
vivid/ubuntu-core_postgresql-9.3: DNE
xenial_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
devel_postgresql-9.3: DNE
Patches_postgresql-9.5:
upstream_postgresql-9.5: released (9.5.8)
precise/esm_postgresql-9.5: DNE
trusty_postgresql-9.5: DNE
vivid/ubuntu-core_postgresql-9.5: DNE
xenial_postgresql-9.5: released (9.5.8-0ubuntu0.16.04.1)
zesty_postgresql-9.5: DNE
devel_postgresql-9.5: DNE
Patches_postgresql-9.6:
upstream_postgresql-9.6: released (9.6.4-1)
precise/esm_postgresql-9.6: DNE
trusty_postgresql-9.6: DNE
vivid/ubuntu-core_postgresql-9.6: DNE
xenial_postgresql-9.6: DNE
zesty_postgresql-9.6: released (9.6.4-0ubuntu0.17.04.1)
devel_postgresql-9.6: not-affected (9.6.4-1)
|